HIPAA Compliant QB Hosting

September 26th, 2017

QuickBooks Hosting Solutions aren’t all the same. And if you’re in the healthcare industry, you have an added layer of complexity surrounding your data protection: HIPAA Compliance. Today, Intuit neither meets HIPAA privacy standards nor will they sign a Business Associate Agreement (BAA).

So, what options do healthcare companies (who are subject to HIPAA compliance) have when bringing Quickbooks to the Cloud?

Many cloud/hosting providers have some security in place to make the application technically compliant. But if they aren’t willing to sign a BAA for you, then caveat emptor (Let the buyer beware!).

Always ask these three critical questions before you buy:

  1. Has the cloud/hosting provider had their yearly HIPAA audit? Be sure the provider has undergone the required yearly data center and infrastructure audits, complying with the current HIPAA standards. These audits ensure that the provider you choose is dedicated to privacy—and is indeed HIPAA Compliant. If they’ve completed their audit, they should be able to show you.
  2. Will they sign and/or provide a BAA? Find out if the Cloud Storage Provider’s contract includes a BAA. Look to this sample agreement to see everything a written contract needs to include.
  3. Do I trust this Cloud Partner? When choosing the Cloud Partner that’s right for you, trust is crucial. If you don’t trust the provider, how can you be confident they’re taking care of all of your sensitive data? Do your homework, ask the right questions, and most importantly, trust your gut.

Virtual Systems’ Hosted QuickBooks is HIPAA Compliant

At Virtual Systems, we have hosting solutions for QuickBooks — our QB Virtual Desktop. And guess what? It’s HIPAA compliant.

Our servers are located in highly-protected data centers, secured with monitored alarm systems, card access, and state-of-the-art temperature and humidity controls. We never share network traffic and all client data is transmitted in its own secure virtual network.

Our technical product architecture and security protocols are audited annually. And our staff is specially trained to identify and resolve potentially non-compliant issues.

But it’s one thing to be compliant…and it’s another thing to prove compliance. Don’t take our word for it, here’s what our third party auditors had to say, “The Audit & Assessment finds the overall safety and soundness of the Virtual System’s IT infrastructure to be intact.”

Here are a few examples of how we prove compliance:

  • Executives and management have adopted and implemented adequate policies and procedures
  • Executives, management, staff, and vendors properly identify, measure, monitor, and control existing and potential risks
  • Management, staff, and vendors have sufficient expertise to adequately plan, direct, and control operations; controls and safeguards for NPI, PHI, CI, and organization information and assets have been adequately implemented
  • The organization conducts appropriate notification following a breach of unsecured NPI, PHI, and CI
  • The organization is in substantial compliance with applicable industry standards and federal oversight rules and regulations

If you’re considering moving your QuickBooks to the cloud, don’t leave yourself exposed. Virtual Systems will gladly sign a BAA and our auditing assessments will prove our HIPAA compliance for your QuickBooks data.

Leave a Reply

Leave a Reply

Notify of

Let's Talk